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CDT POLICY POST Volume 8, Number 
9, April 26, 2002 

A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE 
from 

THE CENTER FOR DEMOCRACY AND TECHNOLOGY 
CONTENTS: 

(1) Web Privacy Standard Set as W3C Recommendation 

(2) Background on P3P 

(3) Information on Access to P3P Tools and Sites 



(1) WEB PRIVACY STANDARD SET AS W3C 
RECOMMENDATION 

On April 16, the World Wide Web Consortium (W3C), the standard-setting body for 
the Web, issued the Platform for Privacy Preferences Project (P3P) 1.0 Specification 
as an official "Recommendation." The P3P 1.0 Specification is essentially a common 
language for expressing Web site privacy policies in machine-readable form. It 
allows users to set their Web browsers to automatically read Web site privacy 
policies and match them against a user's own preferences. Declaring P3P a W3C 
Recommendation indicates that it is a stable document, that it contributes to Web 
interoperability, and that the W3C Membership favor its widespread adoption. 

P3P was designed by a Working Group composed of privacy advocates including 
CDT, Web technology leaders, data protection commissioners, and global 
ecommerce companies. 

P3P alone will not resolve the privacy issue, but P3P is an important step in 
privacy protection because it can help consumers gain a better understanding of 
how Web sites collect and use their personal information. P3P-automated browsers 
allow users to easily view and understand privacy practices of the sites they visit. 
This awareness can empower users to control when, and to what extent, their 
personal information is released. Also, by giving consumers a standard way to 
compare practices across sites, this new transparency can help build a greater 
marketplace for privacy. The finalization of the standard should encourage Web 
sites and online businesses to build P3P into their sites. And the P3P vocabulary and 
P3P tools could also help regulatory and self-regulatory agents check for 
compliance with baseline standards. 

The P3P Specification, the W3C announcement and a wealth of other 
information may be viewed at http://www.w3c.Org/P3P/#news . 
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(2) BACKGROUND ON P3P 

Imagine walking down the street, looking into store windows. As you are about to 
enter a store, you see prominently displayed on the door an easy-to-read privacy 
policy that conforms to all local laws. Based on the notice you may decide to enter 
and shop or you may choose to take your business elsewhere. In this case, you 
choose to enter. After browsing the aisles, you select a product and head to the 
checkout counter. You hand over your credit card, cash or other form of payment 
and walk out with your purchase. The information you provided during the 
transaction will be used only for the purposes stated in the store's policy. 

This is the P3P vision of online commerce. P3P is designed to provide Internet 
users with a clear understanding of how personal information will be used by a 
particular Web site, upfront, without having to read small-print legalese. Web site 
operators can use the P3P language to explain their privacy practices to visitors. 
Users can configure their browsers or other software tools to provide notifications 
about whether Web site privacy policies match their preferences. Parents can set 
privacy rules that govern their children's activities online. Consumers can make 
better judgments about which Web sites respect their privacy concerns. 

P3P 1.0 creates the framework for machine-readable privacy policies. Web sites 
can express their privacy policies in a standardized format that can be read by Web 
browsers and other end-user software tools. These tools can display information 
about a site's privacy policy to end users and take actions based on a user's 
preferences. Such tools can notify users when the sites they visit have privacy 
policies matching their preferences and provide warnings when a mismatch occurs. 

P3P is not a panacea for privacy, but it does represent an important opportunity 
to make progress in building greater privacy protections in the Web experience of 
the average user. There is still a strong need for additional privacy enhancing 
technologies; better consumer education; and baseline legislation to create a 
national standard for privacy expectations online. CDT strongly advocates the 
development of such initiatives, as well as the continued development of P3P. 

For more information on P3P, see "P3P and Privacy: An Update for the Privacy 
Community," by CDT and the Ontario Information and Privacy Commissioner: 
htt p://www.cdt.org/privacy/pet/p3pprivacy.shtml . 

The P3P home page is htt p://www.w3c.org/p3p/ . 
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There are several informative sites for consumers and businesses on P3P 
Implementation: 

For an overview of P3P's history, FAQs and other background information on 
P3P and its derivation, the W3C provides an excellent resource at 
http://www.w3c.org/p3p / 

Businesses interested in enabling their Web sites with P3P will find the 
necessary implementation guides at the P3P home page, http://www.w3c.org/p3p /. 
Other helpful assistance may be found at http://www.p3ptoolbox.org . 

To assist in proper P3P implementation, the W3C has created a P3P policy 
validator, a tool that checks P3P policies to ensure no errors exist within the 
implementation code. The P3P policy validator is located at 
http://www.w3c.org/p3p/validator 

For consumers and the general public, P3P-enabled Web browsers and plug-ins 
are available. These include Microsoft's Internet Explorer 6.0, which can be 
downloaded at htt p://www.microsoft.com/windows/ie/downloads/default.asp and 
AT&T's Privacy Bird at http://www.privacybird.com . Netscape is expected to 
implement P3P in the Navigator browser in its next development cycle. 

A complete implementation package has been created by the Joint Research 
Centre in Ispra, Italy — http:// p3p.jrc.it/index.php 

Also, for an analytical background on P3P's development as a W3C 
Recommendation, its criticisms and rebuttals thereof, the P3P homepage provides 
documents and periodicals covering such issues: http://www.w3c.Org/P3P/#papers 



Detailed information about online civil liberties issues may be found at 
http://www.cdt.org/ . 

This document may be redistributed freely in full or linked to 

http://www.cdt.org/publications/pp 8.09.shtml . 

Excerpts may be re-posted with prior permission of ari@cdt.org 
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